Merge pull request #196 from liwenwu-amazon/primary-intf-name

Add logic to dynamically discover primary interface name

ipamd/ipamd.go

@@ -218,7 +218,7 @@ func (c *IPAMContext) nodeInit() error {
 
 	primaryIP := net.ParseIP(c.awsClient.GetLocalIPv4())
 
-	err = c.networkClient.SetupHostNetwork(vpcCIDR, &primaryIP)
+	err = c.networkClient.SetupHostNetwork(vpcCIDR, c.awsClient.GetPrimaryENImac(), &primaryIP)
 	if err != nil {
 		log.Error("Failed to setup host network", err)
 		return errors.Wrap(err, "ipamd init: failed to setup host network")

ipamd/ipamd_test.go

@@ -105,7 +105,8 @@ func TestNodeInit(t *testing.T) {
 
 	_, vpcCIDR, _ := net.ParseCIDR(vpcCIDR)
 	primaryIP := net.ParseIP(ipaddr01)
-	mockNetwork.EXPECT().SetupHostNetwork(vpcCIDR, &primaryIP).Return(nil)
+	mockAWS.EXPECT().GetPrimaryENImac().Return("")
+	mockNetwork.EXPECT().SetupHostNetwork(vpcCIDR, "", &primaryIP).Return(nil)
 
 	//primaryENIid
 	mockAWS.EXPECT().GetPrimaryENI().Return(primaryENIid)

pkg/awsutils/awsutils.go

@@ -124,6 +124,8 @@ type APIs interface {
 
 	// GetENILimit returns the number of enis can be attached to an instance
 	GetENILimit() (int, error)
+	// GetPrimaryENImac returns the mac address of the primary eni
+	GetPrimaryENImac() string
 }
 
 // EC2InstanceMetadataCache caches instance metadata
@@ -939,3 +941,8 @@ func (cache *EC2InstanceMetadataCache) GetLocalIPv4() string {
 func (cache *EC2InstanceMetadataCache) GetPrimaryENI() string {
 	return cache.primaryENI
 }
+
+// GetPrimaryENIMAC returns the mac address of primary eni
+func (cache *EC2InstanceMetadataCache) GetPrimaryENImac() string {
+	return cache.primaryENImac
+}

pkg/networkutils/network.go

@@ -75,7 +75,7 @@ const (
 // NetworkAPIs defines the host level and the eni level network related operations
 type NetworkAPIs interface {
 	// SetupNodeNetwork performs node level network configuration
-	SetupHostNetwork(vpcCIDR *net.IPNet, primaryAddr *net.IP) error
+	SetupHostNetwork(vpcCIDR *net.IPNet, primaryMAC string, primaryAddr *net.IP) error
 	// SetupENINetwork performs eni level network configuration
 	SetupENINetwork(eniIP string, mac string, table int, subnetCIDR string) error
 }
@@ -126,9 +126,34 @@ func isDuplicateRuleAdd(err error) bool {
 	return strings.Contains(err.Error(), "File exists")
 }
 
+// find out the primary interface name
+func findPrimaryInterfaceName(primaryMAC string) (string, error) {
+
+	log.Debugf("Trying to find primary interface that has mac : %s", primaryMAC)
+
+	interfaces, err := net.Interfaces()
+
+	if err != nil {
+		log.Errorf("Failed to read all interfaces: %v", err)
+		return "", errors.Wrapf(err, "findPrimaryInterfaceName: failed to find interfaces")
+	}
+
+	for _, intf := range interfaces {
+		log.Debugf("Discovered interface: %v, mac: %v", intf.Name, intf.HardwareAddr)
+
+		if strings.Compare(primaryMAC, intf.HardwareAddr.String()) == 0 {
+			log.Infof("Discovered primary interface: %s", intf.Name)
+			return intf.Name, nil
+		}
+	}
+
+	log.Errorf("No primary interface found")
+	return "", errors.New("no primary interface found")
+}
+
 // SetupHostNetwork performs node level network configuration
 // TODO : implement ip rule not to 10.0.0.0/16(vpc'subnet) table main priority  1024
-func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, primaryAddr *net.IP) error {
+func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, primaryMAC string, primaryAddr *net.IP) error {
 	log.Info("Setting up host network")
 	hostRule := n.netLink.NewRule()
 	hostRule.Dst = vpcCIDR
@@ -154,6 +179,12 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, primaryAddr *net.IP)
 	}
 
 	if n.nodePortSupportEnabled {
+
+		primaryIntf, err := findPrimaryInterfaceName(primaryMAC)
+
+		if err != nil {
+			return errors.Wrapf(err, "failed to SetupHostNetwork")
+		}
 		// If node port support is enabled, configure the kernel's reverse path filter check on eth0 for "loose"
 		// filtering.  This is required because
 		// - NodePorts are exposed on eth0
@@ -163,9 +194,11 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, primaryAddr *net.IP)
 		// - Thus, it finds the source-based route that leaves via the secondary ENI.
 		// - In "strict" mode, the RPF check fails because the return path uses a different interface to the incoming
 		//   packet.  In "loose" mode, the check passes because some route was found.
-		const eth0RPFilter = "/proc/sys/net/ipv4/conf/eth0/rp_filter"
+		primaryIntfRPFilter := "/proc/sys/net/ipv4/conf/" + primaryIntf + "/rp_filter"
 		const rpFilterLoose = "2"
-		err := n.setProcSys(eth0RPFilter, rpFilterLoose)
+
+		log.Debugf("Setting RPF for primary interface: %s", primaryIntfRPFilter)
+		err = n.setProcSys(primaryIntfRPFilter, rpFilterLoose)
 		if err != nil {
 			return errors.Wrapf(err, "failed to configure eth0 RPF check")
 		}

pkg/networkutils/network_test.go

@@ -136,7 +136,7 @@ func TestSetupHostNetworkNodePortDisabled(t *testing.T) {
 	mockNetLink.EXPECT().NewRule().Return(&mainENIRule)
 	mockNetLink.EXPECT().RuleDel(&mainENIRule)
 
-	err := ln.SetupHostNetwork(testENINetIPNet, &testENINetIP)
+	err := ln.SetupHostNetwork(testENINetIPNet, "", &testENINetIP)
 	assert.NoError(t, err)
 
 	assert.Equal(t, map[string]map[string][][]string{
@@ -181,7 +181,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) {
 	mockNetLink.EXPECT().RuleDel(&mainENIRule)
 	mockNetLink.EXPECT().RuleAdd(&mainENIRule)
 
-	err := ln.SetupHostNetwork(testENINetIPNet, &testENINetIP)
+	err := ln.SetupHostNetwork(testENINetIPNet, "", &testENINetIP)
 	assert.NoError(t, err)
 
 	assert.Equal(t, map[string]map[string][][]string{
@@ -241,7 +241,7 @@ func (ipt *mockIptables) Delete(table, chainName string, rulespec ...string) err
 		}
 		updatedChain = append(updatedChain, r)
 	}
-	if ! found {
+	if !found {
 		return errors.New("not found")
 	}
 	ipt.dataplaneState[table][chainName] = updatedChain